Disable JIT account from HaloPSA with API call
Leverage idemeum APIs to disable Entra JIT accounts.
— Nik Pot
Overview
Technicians can request Entra ID JIT accounts right from HaloPSA with our existing iFrame integration.
However, requested JIT accounts are only disabled after a certain period of time, which is 4 hours by default. If you want to disable these requested JIT accounts immediately, you can leverage idemeum APIs.
Obtain access credentials
In order to call idemeum APIs for your tenant, you need to obtain access credentials.
- Access your MSP portal admin dashboard
- Navigate to Settings → Integrations and click Add oAuth2 client
- Create a new set of oAuth credentials by providing the name, and you will be presented with client id and secret to be used for API calls
- Copy these credentials, as the client secret is only presented once
Configure HaloPSA
- In HaloPSA navigate to Configuration → Integrations → Custom integrations
- Click New
- Create an integration and provide the following details:
  - Provide an integration name
  - Base resource → https://<your_tenant>.idemeum.com/api/integrations (replace <your_tenant> with your actual tenant name)
  - Authorization → oAuth2
  - Authorization header name → Authorization
  - Header prefix → Bearer
  - Grant type → Client credentials
  - Access token URL → https://<your_tenant>.idemeum.com/api/oauth2/v1/token (replace <your_tenant> with your actual tenant name)
  - Enter client ID and secret that you obtained in the previous step
- Save the configuration
- Now in the same tab click on Methods to create an HTTP POST method
- Configure the following:
  - Provide method name
  - HTTP method → POST
  - Path → /entrajitaccounts
  - Headers: Content-Type: application/vnd.dvmi.entra.app.user.disable+json
  - Body provided below
{
"customerDisplayName" : "<your_customer_display_name>",
"technicianEmailAddress" : "<user's email address>"
}
As an example, here is what we used:
{
"customerDisplayName" : "Demo PAM tenant",
"technicianEmailAddress" : "nik@nikpot.com"
}
- Once you Save the configuration you can test the API call for this integration. You should see the success response.
- Now you can navigate to Integrations → Custom integrations → Integration runbooks and create a runbook to call the idemeum API when the ticket is closed.
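
The request sequence that the HaloPSA custom integration performs with the settings above, as an added Python example (not idemeum's or HaloPSA's own code) that can be used to check the credentials outside HaloPSA. It assumes the token endpoint accepts the client credentials in the form body and returns the standard `access_token` field; the environment variable names are hypothetical.

```python
import json
import os
import re
import urllib.parse
import urllib.request

# Content-Type the page configures for the disable call
DISABLE_CT = "application/vnd.dvmi.entra.app.user.disable+json"

def api_base(tenant):
    # Accept only a single DNS label so the secret and token can never be
    # sent to a host other than <tenant>.idemeum.com
    if not re.fullmatch(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", tenant):
        raise ValueError("tenant must be a plain DNS label")
    return f"https://{tenant}.idemeum.com/api"

def token_request(tenant, client_id, client_secret):
    # Assumption: credentials go in the form body (RFC 6749 also allows Basic auth)
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        api_base(tenant) + "/oauth2/v1/token", data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def disable_request(tenant, access_token, customer, technician_email):
    body = json.dumps({"customerDisplayName": customer,
                       "technicianEmailAddress": technician_email}).encode()
    return urllib.request.Request(
        api_base(tenant) + "/integrations/entrajitaccounts", data=body, method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": DISABLE_CT})

def disable_jit_account(tenant, client_id, client_secret, customer, technician_email):
    # Step 1: exchange the client credentials for a bearer token
    with urllib.request.urlopen(token_request(tenant, client_id, client_secret), timeout=15) as resp:
        token = json.load(resp)["access_token"]  # standard OAuth2 response field
    # Step 2: call the disable method with that token
    with urllib.request.urlopen(disable_request(tenant, token, customer, technician_email), timeout=15) as resp:
        return resp.status

if __name__ == "__main__":
    # Hypothetical variable names; the secret is read from the environment, not hard-coded
    env = os.environ
    print(disable_jit_account(env["IDEMEUM_TENANT"], env["IDEMEUM_CLIENT_ID"],
                              env["IDEMEUM_CLIENT_SECRET"], env["CUSTOMER_NAME"],
                              env["TECHNICIAN_EMAIL"]))
```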